🐛 Issues with the --use-recording switch and cnspec mock

[mm-weber]

1) the --use-recording switch depends on live provider authentication

cnspec scan k8s   -f ~/projects/cnspec-enterprise-policies/policies/amazon-eks.mql.yaml --discover clusters   --use-recording ~/projects/cnspec-enterprise-policies/certifications/eks-1.4.0/pass-k8s.json

using the online k8s provider with the --use-recording switch will work sort-of, but only with an online asset, which can be the wrong one.

Running against this EKS PASS recording when kubctl is actually talking to an AKS cluster, will lead to the correct results, but with the wrong asset

2) the --use-recording switch running against a recording that would need the --sudo switch it will fail the checks that count on it

cnspec scan mock   -f ~/projects/cnspec-enterprise-policies/policies/azure-aks.mql.yaml   --use-recording ~/projects/cnspec-enterprise-policies/certifications/aks-1.5.0/pass-node.json -o full

Desired behaviour.

• Be able to use cnspec scan mock and --use-recording as a replacement for any other provider, e.g. cnspec scan k8s and --use-recording
• Be able to cnspec scan mock and --use-recording without depending on a live connection to a previously scanned asset cnspec scan --record when scanning a .json file.

[benr]

@vjeffrey @chris-rock This should be addressed as we require the functionality for our testing efforts.

[mm-weber]

Linux Recordings:

cnspec scan mock -f ../../policies/cis-debian-linux-12.mql.yaml --use-recording debian-l1-pass.json -o full

[mm-weber]

Related to:
mondoohq/cnquery#4330